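<?php
/**
 * Comment popup, part 1: session bootstrap and login handling.
 *
 * Starts the session, loads config.php and, when the visitor is not yet
 * logged in and the login form was submitted, checks the credentials against
 * the USERS table. On success the session is marked with
 * $_SESSION['erlogin'] = "OK" and $_SESSION['username'].
 *
 * NOTE(review): no attempt limiting or lockout is visible in this file, so
 * password guessing is only bounded by whatever the hosting layer enforces.
 * NOTE(review): the template below loads jQuery 1.5.2 and jQuery UI 1.8.16,
 * both long out of support; schedule an upgrade of the bundled libraries.
 */
session_start();

// First visit (or a logged-out session): make sure both keys exist so later
// reads never hit an undefined index. empty() keeps the original truthiness
// test without reading a missing key.
if (empty($_SESSION['erlogin'])) {
	$_SESSION['erlogin'] = "";
	$_SESSION['username'] = "";
}

// NOTE(review): this silences every PHP diagnostic for the request, including
// failures inside config.php. Prefer logging errors and only hiding them from
// the browser (display_errors off, log_errors on).
error_reporting(0);

// NOTE(review): ISADMIN is forced to true on a page that unauthenticated
// visitors can reach. What config.php does with it is not visible here;
// confirm it does not unlock privileged behaviour.
define('ISADMIN', true);
include('config.php');

if ($_SESSION['erlogin'] === "") {
	$error = false;

	if (isset($_POST['submit']) && $_POST['submit'] === "Login") {
		$c = get_post_data();

		// Both fields must be non-empty strings. A request such as
		// password[]=x would otherwise reach md5() as an array.
		$hasCredentials = !empty($c['username']) && !empty($c['password'])
			&& is_string($c['username']) && is_string($c['password']);

		$user = null;
		if ($hasCredentials) {
			// The username goes through escape() (presumably the project's SQL
			// escaping helper, confirm) and the password is reduced to a hex
			// digest before being placed in the WHERE clause.
			// NOTE(review): passwords are stored as unsalted MD5, which is
			// cheap to brute-force offline. Migrate to password_hash() /
			// password_verify() and rehash on the next successful login.
			$user = get_single_item(array(
				'table' => USERS,
				'class' => 'user',
				'where' => '`user_username` = "'.escape($c['username']).'" AND `user_password` = "'.md5($c['password']).'"'
			));
		}

		// Missing credentials and "no matching row" are both a failed login.
		$error = empty($user);

		if ($error === false) {
			// Issue a fresh session id at the privilege change so an id that
			// was planted or observed before login cannot be reused.
			session_regenerate_id(true);
			$_SESSION['erlogin'] = "OK";
			$_SESSION['username'] = $user->user_username;
		}
	}
}

?>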

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Add Comment</title>
<link rel="stylesheet" type="text/css" href="theme/css/style.css"/>
<link rel="stylesheet" type="text/css" href="theme/css/jquery.ui/jquery-ui-1.8.16.custom.css" />
<link rel="stylesheet" type="text/css" href="theme/css/colorbox.css" />
<link rel="stylesheet" type="text/css" href="theme/css/jquery.slider.css" />


<script type="text/javascript" src="theme/js/jquery-1.5.2.min.js"></script>
<script type="text/javascript" src="theme/js/jquery-ui-1.8.16.custom.min.js"></script> 
<script type="text/javascript" src="theme/js/jquery.colorbox-min.js"></script> 
<script type="text/javascript" src="theme/js/jquery.validate.js"></script>
</head>
<body>
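<?php
/*
 * Comment popup, part 2: render the page body.
 *
 *   - logged in and ?postid= given : store a submitted comment, show the comment form
 *   - not logged in                : show the login form
 *   - anything else                : print "Error!!"
 */

// REQUEST_URI is fully controlled by the client. It is echoed into an HTML
// attribute below, so encode it once here to stop a crafted URL from closing
// the attribute and injecting markup.
$formAction = htmlspecialchars(
	isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '',
	ENT_QUOTES,
	'UTF-8'
);

// Only a scalar ?postid= is accepted; a missing or array-valued parameter is
// treated as absent instead of flowing into the insert.
// NOTE(review): if post ids are numeric, also require ctype_digit() here and
// check that the post exists and accepts comments.
$postId = (isset($_GET['postid']) && is_string($_GET['postid'])) ? $_GET['postid'] : "";

if ($_SESSION['erlogin'] == "OK" && $postId !== "")
{

	// NOTE(review): this state-changing POST carries no anti-CSRF token. Because
	// authentication rides on the session cookie, add a per-session token as a
	// hidden field and verify it before inserting.
	if (isset($_POST['submit']) && $_POST['submit'] === "Add") {
		// Author details come from the stored account, never from the request.
		$userinfo = get_single_item(array(
			'table' => USERS,
			'class' => 'user',
			'where' => '`user_username` = "'.escape($_SESSION['username']).'"'
		));

		// Skip the insert when the session's account can no longer be found,
		// rather than storing a comment with empty author fields.
		if (!empty($userinfo)) {
			$status = 1;
			$commentText = (isset($_POST['comment']) && is_string($_POST['comment'])) ? $_POST['comment'] : "";

			/* ########## START PROCESSING ########## */

			// NOTE(review): $mysql->insert() is defined elsewhere; confirm it
			// escapes or binds every value. comment_content, comment_post_id and
			// the User-Agent header are attacker-controlled, and the comment
			// text is stored raw, so it must be HTML-encoded wherever it is
			// displayed.
			$result = $mysql->insert(COMMENTS, array(
				'comment_post_id' => $postId,
				'comment_date' => get_date($dateFormats['mysql']),
				'comment_author' => $userinfo->user_username,
				'comment_author_email' => $userinfo->user_email,
				'comment_author_site' => $userinfo->user_website,
				'comment_author_ip' => get_global($_SERVER, 'REMOTE_ADDR'),
				'comment_author_agent' => get_global($_SERVER, 'HTTP_USER_AGENT'),
				'comment_content' => $commentText,
				'comment_status' => $status
			));
		}
	}

	?>
			<form action="<?php print $formAction; ?>" method="post">
			<p>
            <textarea class="commentfield" type="text" name="comment" id="comment"></textarea><br />
			</p>
			<p><input type="submit" name="submit" class="button" value="Add" /></p>
		</form>
<?php
}
elseif($_SESSION['erlogin'] == "")
{

?>


<h2>Please Login</h2>

		<form action="<?php print $formAction; ?>" method="post">
			<p><label for="username">Username</label>
			<input type="text" name="username" id="username" /></p>
			
			<p><label for="password">Password</label>
			<input type="password" name="password" id="password" /></p>
			
			<p><input type="submit" name="submit" class="button" value="Login" /></p>
		</form>
        
        <h4><a href="register.php" class="register_link">Register?</a></h4>
<?php

}
else
print "Error!!";
?>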
<script>
	// Once the DOM is ready, bind ColorBox to the register link so that
	// register.php opens in a 600x500 iframe overlay.
	$(function () {
		var overlayOptions = { width: "600", height: "500", iframe: true };
		$(".register_link").colorbox(overlayOptions);
	});
			
    </script>
</body>
</html>
